RT-AC66U_B1 attacks

[highlow]

Hi,
Does anybody have any idea about this types of attacks on my router RT-AC66U_B1 Firmware Version:3.0.0.4.384_20648 ?

you can see in the attached file what kind of attacks I had.

All my ssh and telnet are deactivated... so how come they succeed in launching shell commands?

 

[ColinTaylor]

All my ssh and telnet are deactivated... so how come they succeed in launching shell commands?

They didn't. It's telling you that AiProtection has detected and blocked an attempted hack. Even if it hadn't blocked it (because AiProtection was turned off for example) that doesn't necessarily mean your router is vulnerable to that attack anyway.

 

[AndreiV]

Look at the words at the top of the list :


" The Details of Successfully Protected Event "

 

[Lee MacMillan]

They didn't. It's telling you that AiProtection has detected and blocked an attempted hack. Even if it hadn't blocked it (because AiProtection was turned off for example) that doesn't necessarily mean your router is vulnerable to that attack anyway.

I just got my RT-AC66U B1 installed and setup a couple days ago. Already have 13 blocked attacks, all from the same IP.

What does this mean in layman's terms? Is there an actual person trying to hack into my network or is this some kind of automatic computer-based attempt?

 

[ColinTaylor]

What does this mean in layman's terms? Is there an actual person trying to hack into my network or is this some kind of automatic computer-based attempt?

Just the normal automatic scanning/hacking attempts. Welcome to the internet.

https://www.abuseipdb.com/check/51.15.225.222

 

[Lee MacMillan]

Just the normal automatic scanning/hacking attempts. Welcome to the internet.

https://www.abuseipdb.com/check/51.15.225.222

So with my previous routers (Tp-Link and Linksys before that) which did not have the AiProtection feature, what happened with all those attempts? I had all the typical safety settings in place.

 

[ColinTaylor]

So with my previous routers (Tp-Link and Linksys before that) which did not have the AiProtection feature, what happened with all those attempts? I had all the typical safety settings in place.

Exactly the same thing that's happening now, the router was ignoring them. The only difference is that the Asus is telling you about it - just to give you something to worry about.

 

[joegreat]

So with my previous routers (Tp-Link and Linksys before that) which did not have the AiProtection feature, what happened with all those attempts? I had all the typical safety settings in place.

How to fix this issue? The resolution is simple: Disable AIProtection immediately - and do not forget to take your daily blue pill and be happy again!

 

[Lee MacMillan]

Exactly the same thing that's happening now, the router was ignoring them. The only difference is that the Asus is telling you about it - just to give you something to worry about.

And I guess it's sending data to Trend Micro too right? If having AiProtection enabled really isn't doing anything for my security, I'm not sure I want my internet activity sent to Trend Micro. OTOH, Google and Facebook probably know me better than my wife of 45 years so what's the harm in another company knowing about me too!